def get(self, request): header = JWTAuthentication().get_header(request) raw_token = JWTAuthentication.get_raw_token(self, header) validated_token = JWTAuthentication().get_validated_token(raw_token) user = JWTAuthentication.get_user(self, validated_token) # print(user.created_at) return Response( { "email": user.email, "name": user.name, "username": user.username, "is_superuser": user.is_superuser, "is_staff": user.is_staff, "is_verified": user.is_verified, # "created_at": user.created_at, # "updated_at": user.updated_at, # 'tokens': user.tokens, }, status=status.HTTP_200_OK)
def get_user(token): try: validated_token = JWTAuthentication().get_validated_token(token) user = JWTAuthentication().get_user(validated_token) return user except Exception as e: return AnonymousUser()
def test_get_token_for_user(self): """Checks access token generated by get_token_for_user()""" token = get_token_for_user(self.user) validated_token = JWTAuthentication().get_validated_token(token) token_user = JWTAuthentication().get_user(validated_token) self.assertEqual( self.user, token_user, msg="""Wrong User for token {}. Expected: {}. Obtained: {}.""". format(token, self.user, token_user))
def recipes_detail(request, pk): JWT = JWTAuthentication() request_data = JWT.authenticate( request) ##returns a tuple with user, token print(request_data[0]) user = request_data[0] try: recipe = Recipe.objects.get(pk=pk) except Recipe.DoesNotExist: return Response(status=status.HTTP_404_NOT_FOUND) if request.method == 'GET': serializer = RecipeSerializer(recipe) return Response(serializer.data) elif request.method == 'PUT': serializer = RecipeSerializer(recipe, data=request.data) if serializer.is_valid(): serializer.save(user=user) return Response(serializer.data) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) elif request.method == 'DELETE': recipe.delete() return Response(status=status.HTTP_204_NO_CONTENT)
def get(self, request, *args, **kwargs): jwt = JWTAuthentication() try: permanent_token = request.COOKIES["token-permanent"] token = Token.objects.get(key=permanent_token) user = User.objects.get(id=token.user_id) hello = f"It appears you already have a permanent Token, Hi {user}" return JsonResponse({"result": hello}, status=200) except: print( "the user has no cookie or the user has a cookie that should represent the permanent token but it is invalid" ) try: retrieved_permanent_token, created = Token.objects.get_or_create( user=request.user) response = JsonResponse({"result": "Success"}, status=200) response.set_cookie("token-permanent", retrieved_permanent_token.key) return response except: return JsonResponse({"result": "Bad Request"}, status=400)
def post(self, request): """ Save the landzones a user submits :author Munir Safi :since 2020-11-14 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) for landzone in request.data['landzones']: if landzone.get('geoJSON', None) is not None: land_zone = LandZone(geo_json=landzone['geoJSON'], owner=user) land_zone.save() else: return Response( { 'message': 'You must include a \'geoJSON\' property in your array of objects' }, status=status.HTTP_400_BAD_REQUEST) return Response(status=status.HTTP_200_OK) else: return Response( {'message': 'You must be logged in to register a new zone!'}, status=status.HTTP_401_UNAUTHORIZED)
def delete(self, request): """ Deletes a list of given landzones :author Munir Safi :since 2020-11-19 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) for landzone_uuid in request.data: zone = LandZone.objects.get(uuid=landzone_uuid) if zone.owner == user: zone.delete() else: return Response( { 'message': 'You are attempting to delete an area that you have no privelages for' }, status=status.HTTP_401_UNAUTHORIZED) return Response(status=status.HTTP_200_OK) else: return Response( {'message': 'You must be logged in to delete a zone!'}, status=status.HTTP_401_UNAUTHORIZED)
def getuserinfo(request, ): # print(request.headers["Authorization"]) user = JWTAuthentication().authenticate(request) # print("用户",user[0]) seria = UserSerializer(instance=user[0]) # print("用户数据",seria.data) return Response(seria.data, status=status.HTTP_200_OK)
def has_permission(self, request, view): jwt_object = JWTAuthentication() header = jwt_object.get_header(request) raw_token = jwt_object.get_raw_token(header) validated_token = jwt_object.get_validated_token(raw_token) user = jwt_object.get_user(validated_token) return user.is_staff
def post(self, request): """ Validates the current user, then updates their password using the new given password :author Munir Safi :since 2020-11-14 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) user.set_password(request.data['password']) user.save() refresh = RefreshToken.for_user(user) return Response({ 'refresh': str(refresh), 'access': str(refresh.access_token) }) else: return Response( { 'message': 'Cannot change user password if no user is active' }, status=status.HTTP_400_BAD_REQUEST)
def format_data(self, data): JWT_authenticator = JWTAuthentication() # decode token user, _ = JWT_authenticator.authenticate(self.request) data['user'] = user.id data['date'] = format_date(data['date']) return data
def validate(self, attrs): refresh = RefreshToken(attrs['refresh']) data = {'access': str(refresh.access_token)} if settings.SIMPLE_JWT['ROTATE_REFRESH_TOKENS']: if settings.SIMPLE_JWT['BLACKLIST_AFTER_ROTATION']: try: # Attempt to blacklist the given refresh token refresh.blacklist() except AttributeError: # If blacklist app not installed, `blacklist` method will # not be present pass refresh.set_jti() refresh.set_exp() data['refresh'] = str(refresh) jwt_obj = JWTAuthentication() user = jwt_obj.get_user(refresh.access_token) user_serializer = UserSerializer(user) data['user'] = user_serializer.data data['token_expire_at'] = refresh.access_token.get('exp') data['refresh_token_expire_at'] = refresh.get('exp') return data
def get(self, request): user = JWTAuthentication().authenticate(request=request)[0] followings = FollowConnect.objects.filter(follower=user) serializer = FollowingSerializer((followings), many=True) return Response(serializer.data)
def post(self, request): user = JWTAuthentication().authenticate(request=request)[0] target = User.objects.get(pk=loads(request.body)['follow_id']) FollowConnect.objects.filter(follower=user, following=target).delete() return Response({"message": "Unfollowed"})
def __call__(self, request): valid_dbs = settings.DATABASES # Fetch db according to customer's privilege try: user = JWTAuthentication().authenticate(request) except AuthenticationFailed as e: request_config.privilege_db = 'default' else: if not user: privilege = 'default' else: user = user[0] privilege = user.privilege request_config.privilege_db = privilege if valid_dbs.get( privilege, None) else 'default' # Continue chain response = self.get_response(request) if hasattr(request_config, 'privilege_db'): del request_config.privilege_db return response
def _check_login_social_simple_jwt_only(self, url, data, token_type): resp = self.client.post(url, data) self.assertEqual(resp.status_code, 200) # check token valid jwt_auth = JWTAuthentication() token_instance = jwt_auth.get_validated_token(resp.data['token']) self.assertEqual(token_instance['token_type'], token_type)
def process_request(self, request): """ request: django.core.handlers.wsgi.WSGIRequest """ # white_url_list=["/v1/auth/login","/v1/user/register","/v1/token","^/admin/*","^/static/*"] # for url in white_url_list: # if re.search(url,request.path): # print("no need 验证!") # return None jwt_token = request.headers.get('Authorization', None) # If token Exists if jwt_token: # 已经登录才做权限校验 white_url_list = [ "/v1/auth/login", "/v1/user/register", "/v1/token", "^/admin/*", "^/static/*" ] for url in white_url_list: if re.search(url, request.path): print("no need 验证!") return None try: user, access_token = JWTAuthentication().authenticate(request) # access_token <class 'rest_framework_simplejwt.tokens.AccessToken request.user, request.auth = user, access_token print(request.user) if re.search("^/v1/app", request.path): if not _check_permission_from_cache(user=user, url_path=request.path): return HttpResponseForbidden( "user role has no this operation permission!") return None except InvalidToken as exc: return HttpResponseForbidden(exc.default_detail) else: # 未登录,直接不做权限校验 return None
def validate(self, attrs): data = super().validate(attrs) jwt_object = JWTAuthentication() validated_token = jwt_object.get_validated_token(attrs.get('token')) user = jwt_object.get_user(validated_token) user_serializer = UserSerializer(user) data['user'] = user_serializer.data return data
def get_user_for_token(token_key): try: jwt_object = JWTAuthentication() validated_token = jwt_object.get_validated_token(token_key) user = jwt_object.get_user(validated_token) return user except Token.DoesNotExist: return AnonymousUser()
def authenticate_from_token(request): jwt_object = JWTAuthentication() header = jwt_object.get_header(request) raw_token = jwt_object.get_raw_token(header) validated_token = jwt_object.get_validated_token(raw_token) user = jwt_object.get_user(validated_token) request.data["user"] = user.id return request
def get_jwt_payload(request): jwt_object = JWTAuthentication() header = jwt_object.get_header(request) raw_token = jwt_object.get_raw_token(header) validated_token = jwt_object.get_validated_token(raw_token) token_backend = TokenBackend(algorithm='HS256') payload = token_backend.decode(token=str(validated_token), verify=False) return payload
def get_user_from_access_token_or_401(access_token): jwt_authenticaton = JWTAuthentication() validated_token = jwt_authenticaton.get_validated_token(access_token) try: return jwt_authenticaton.get_user(validated_token) except AuthenticationFailed: raise NotAuthenticated401
def process_view(self, request, view_func, view_args, view_kwargs): jwt_object = JWTAuthentication() header = jwt_object.get_header(request) if header is not None: raw_token = jwt_object.get_raw_token(header) validated_token = jwt_object.get_validated_token(raw_token) request.user = jwt_object.get_user(validated_token) return None return Response({'error': "Invalid Token"}, status=200)
def __call__(self, request): if not request.user.is_authenticated: user_auth_tupple = JWTAuthentication().authenticate(request) if user_auth_tupple is not None: request.user, request.auth = user_auth_tupple response = self.get_response(request) return response
def post(self, request): user = JWTAuthentication().authenticate(request=request)[0] post = Post() post.author = user post.post = loads(request.body)['post'] post.save() return Response(PostSerializer(post).data)
def getuserinfo(request): print("hello") print(request) print(request.headers["Authorization"]) user = JWTAuthentication().authenticate(request) print("用户", user[0]) seria = UserSerializer(instance=user[0]) # seria.is_valid(raise_exception=True) # print(seria.data) return Response(seria.data, status=status.HTTP_200_OK)
def get_user_by_token(request): user = None authorization = request.META.get('HTTP_AUTHORIZATION', " ") try: token_flag = authorization.split(' ')[0] token = authorization.split(' ')[1] except IndexError: token_flag = None token = None if token_flag == 'simplejwt': from rest_framework_simplejwt.authentication import JWTAuthentication raw_token = JWTAuthentication().get_validated_token(token) user = JWTAuthentication().get_user(raw_token) elif token_flag == 'oauth': raise NotImplementedError('OAuth is not implemented yet at django-ten') elif token_flag == 'hawk': raise NotImplementedError('Hawk is not implemented yet at django-ten') elif token_flag == 'httpsignature': raise NotImplementedError( 'HTTP Signature Authentication is not implemented yet at django-ten' ) elif token_flag == 'djoser': raise NotImplementedError( 'Djoser is not implemented yet at django-ten') elif token_flag == 'django-rest-auth': raise NotImplementedError( 'Django-rest-auth is not implemented yet at django-ten') elif token_flag == 'django-rest-framework-social-oauth2': raise NotImplementedError( 'django-rest-framework-social-oauth2 is not implemented yet at django-ten' ) elif token_flag == 'django-rest-knox': raise NotImplementedError( 'django-rest-knox is not implemented yet at django-ten') elif token_flag == 'drfpasswordless': raise NotImplementedError( 'drfpasswordless is not implemented yet at django-ten') if user is None: user = AnonymousUser() return user
def get_current_user(request): jwt_obj = JWTAuthentication() val_token = jwt_obj.get_validated_token( request.META.get('HTTP_AUTHORIZATION').replace('JWT ', '')) user = jwt_obj.get_user(val_token) return JsonResponse({ "uid": user.id, "username": user.username, "is_staff": user.is_staff })
def update(self, request, *args, **kwargs): if self.request.method == 'PUT': return Response({'message': "METHOD NOT ALLOWED"}, status=status.HTTP_405_METHOD_NOT_ALLOWED) if self.request.method == 'PATCH': if 'approved' in self.request.data and not JWTAuthentication( ).authenticate(self.request): return Response({'message': 'ILLEGAL OPERATION'}, status=status.HTTP_401_UNAUTHORIZED) return super().update(request, *args, **kwargs)
def get(self, request): user = JWTAuthentication().authenticate(request=request)[0] following = FollowConnect.objects.filter( follower=user).values('following') posts = Post.objects.filter(author__in=following) postsSerializer = PostSerializer(posts, many=True) user = UserSerializer(user) return Response({"user": user.data, "posts": postsSerializer.data})